"Managing" cloud-based records

By Jesse Wilkins posted 05-24-2010 11:48

  
Last week I got the opportunity to attend and present at the annual Managing Electronic Records (http://www.merconference.com) conference. My presentation was on "Social Media and Records Management: Operational Benefits and Legal Challenges". I co-presented with Sara Meaney of Comet Branding and Ron Hedges, a retired state judge. Earlier in the day, Jim Coulson of Huron Consulting gave a keynote of sorts on "The Imminent Demise of Records and Information Management As We Know It". He talked a lot about the cloud as part of that premise. I put "managing" in quotes in the title because I think that's still how most of us think about it - that it can't really be managed. And yet as we developed our presentation, and as I listened to Jim's presentation, a couple of things stood out for me in terms of how we can and should be managing cloud-based records and information. The first is that records is records. What I mean by that is that the fundamental principles underlying records management remain true whether the record is paper, electronic, or cloudy. Information should be managed according to its value to the organization. Organizations cannot get rid of information in the face of litigation or open records requests. Individuals should be accountable for what they create or post, particularly when done in their official capacity. The Financial Industry Regulatory Authority (FINRA) has issued precisely that guidance (http://www.finra.org/Industry/Regulation/Notices/2010/P120760) to its members; for example, "Historically, some blogs have consisted of static content posted by the blogger. FINRA considers static postings to constitute “advertisements” under Rule 2210." This is not to say that we won't require different tactics. Blogs and Facebook pages that allow public comments are different beasts from self-contained and completely controlled records. A stream of Tweets is different than an equivalent stream of instant messages. And text messages are different than emails. But the general idea remains the same. Finally, I can't remember whether Jim said this or someone else, but I thought it captured the point perfectly. Many records managers (and many IT professionals for that matter) are fearful of outsourcing their records to a cloud-based provider because of security and privacy concerns. They worry that the vendor might inadvertently lose or destroy or cause their records to be lost through an equipment malfunction. They worry that their records could be intercepted in transit or that someone could break into the virtual storage center. They worry that confidential materials could be compromised or that collocation could compromise the privacy of their records. And then they call their local offsite physical records storage vendor and arrange for a driver to come pick up 30 unlocked cardboard boxes filled with credit card statements, drive them across open roads to a storage facility, and file them next to everyone else's boxes of records in a facility that is disaster-resistant but by no means disaster-proof. So. How do we "manage" these records in the cloud today? The most direct answer is by storing local copies of relevant content which can then be managed locally. In the case of most of these tools, the easiest way to do that today is to subscribe to the site using RSS. Once those updates come into the organization it is a relatively simple matter to store and retain them for the required period. For those sites that do not support RSS natively, there are tools available to periodically and automatically capture snapshots of the content and send that down. This is not the ideal solution but it's better than nothing and better than doing it manually. It's also important to make some decisions about what needs to be retained and what doesn't. In other words, if the organization uses a hosted wiki service to create documents, whether to retain the entire wiki or just the final published document should be a function of the nature of the document and whether the organization routinely keeps drafts for other authoring processes. If it doesn't, don't keep the wiki, keep the document. We are starting to see compliance tools, the same way these started to emerge 10+ years ago with instant messaging tools. As more organizations ask for more and better tools, this market will continue to emerge. But we're not quite there just yet and it will require us to continue to push for these tools. How would - or DO - you manage the information your organization stores "in the cloud"?

#MER #cloud #wiki #ElectronicRecordsManagement #twitter #Records-Management #blog #web2.0
0 comments
32 views